UDC 657.6
FRAUDS IN THE ORGANIZATION AND THE ROLE OF INTERNAL AUDIT
Tatjana Horvat
doctor, faculty of management,
University of Primorska, Koper, Slovenia
Management of the organization must be aware of the risk of fraud in the organization; therefore, the management of fraud risk is an integral part of the operations of each organization. Internal auditors assist the management of the organization in the detection of fraud and fraud risk. The management should set up the risk register and internal control in the organization.
Key words: management, fraud, internal audit
Frauds within the organization
The ACFE (Association of Certified Fraud Examiners) published data from its global fraud study, which showed that companies lose at least 5% of their revenue to fraud. KPMG's Fraud Survey documented a marked increase in overall fraud levels since its 1998 survey, with employee fraud by far the most common type of fraud (Wolfe, Hermanson, 2004, p. 38). This trend is consistent with the unprecedented recent spate of large financial frauds in companies around the world, such as Enron, WorldCom, Parmalat etc. Kopp and Gonzales (2016) said that the personal characteristics of employees are the reasons for committing fraud.
Fraud covers a multitude of irregular and illegal acts that involve willful deceit and are committed either in favor of or to the detriment of the company. The perpetrator may be a person inside or outside the company.
Fraud in favor of the company brings an unjustified or unfair advantage, which can deceive an external customer; the perpetrators generally benefit indirectly. Fraud to the detriment of the company generally benefits a person within the organization, a person outside the organization or another organization (Standards for the Professional Practice of Internal Auditing - Procedures manuals, Slovenian Audit Institute, Ljubljana, 2003, p. 36-42).
Frauds in organisations are investigated by internal auditors, lawyers, investigators, security guards and other professionals within the company or outside.
Indicators of fraud within the organization could include unapproved transactions, unexplained exceptions in pricing, theft of money from customers or clients, theft from the warehouse, fictitious supplier accounts, reporting of fictitious sales revenue, unusually large losses on products, unusually large losses on inventories, fictitious invoice approval, manipulation of financial statements, manipulation of financial reports, and more.
Among the reasons why fraud happens within the organization are the personal characteristics of employees. Kopp and Gonzales (University of Lethbridge, Canada, 2016) explored how personality traits affect an individual's propensity to commit fraud and which individual characteristics lead a person to commit it. They studied how likely individuals with personal characteristics such as honesty, Machiavellianism, narcissism and conscientiousness are to commit fraud. Their survey showed that the personal characteristics that significantly affect the risk of fraud are honesty and Machiavellianism. Narcissism and conscientiousness do not affect the risk of committing fraud.
Management of the organization must be aware of the risk of fraud in the organization. Therefore, the management of fraud risk is an integral part of the operations of each organization. The risk in an organization is the risk to a unit, from an event and so on, in the absence of any management action that would reduce either the likelihood of its occurrence or its impact. When management adopts risk minimization activities as a response to the risk, we can speak of the remaining risks (Enterprise Risk Management - Integrated Framework, 2004, p. 49).
Each organization faces different risks of fraud, and these have to be assessed. As is apparent from the literature, risk management means managing risks and limiting them to an acceptable level. Therefore, scams and risks of fraud must be anticipated. For each type of fraud risk we need to specify the size of the risk, the importance of the risk, the priorities and the measures by which we will reduce the risk. A document that we prepared ourselves and called the Risk register (see Table 1) can help in organizing the risks. It is important to know that the Risk register is not a document that is prepared and forgotten; it has to be updated annually.
In preparing the Risk register, the following steps are recommended (Horvat, 2011, 438):
- define and examine the business objectives of the organization;
- identify risks that could jeopardize the attainment of the objectives;
- assess the risks in terms of likelihood, consequences and importance, and identify priority risks;
- identify improvement measures;
- determine the responsible persons and the timing of the measures;
- monitor whether risks are changing and whether risk management needs to introduce additional measures;
- appoint the administrator of the Risk register and adopt rules regarding the management and updating of the Risk register.
Table 1: Possible Risks and Their Identification Through the Risk Rules
Risks | Probability | Action | The Responsible Person | Time limit
Physical protection and security of digital data | Low | Verification of start-up regime | The IT manager | Six months
… | | | |
When the company has evaluated the risks of fraud, it has to decide on a risk management strategy according to its risk appetite. The strategies can be divided into four groups (Enterprise Risk Management: Integrated Framework, 2004, p. 53):
· Avoidance – The company decides to avoid the risk by withdrawing from risky situations or by not entering into them. Examples are the sale of a department or the suspension of a production line.
· Reduction – The company reduces the likelihood of the occurrence of the risk, its effects, or both by introducing appropriate control actions.
· Transfer – The company decides to transfer a part of the risk to other participants. Common forms of such a response to the risk are transfers to the insurance funds and provision of services to others.
· Acceptance – The company does not take any action in relation to the risk.
As the legal and business conditions constantly change, a permanent risk assessment must become an iterative process (Sawyer, Dittenhofer, Scheiner, 2003, p. 66).
The role of internal audit in the detection of frauds
Internal auditors assist the management of the organization in the detection of fraud and fraud risk. They are employees of the organization or are hired by it. We especially emphasize that internal auditors must have sufficient knowledge to assess whether there is a risk of fraud, but they are not expected to have the expertise of a person whose primary responsibility is detecting and investigating fraud (Standards for the Professional Practice of Internal Auditing - Standard 1210.A2).
Internal auditing consists of internal monitoring of different processes in the organization. Internal monitoring supervises especially the financial management system, which comprises the setting up and implementation of financial plans, accounting and reporting in order to achieve the set objectives and to assure the protection of assets from loss, damage and fraud (Horvat, 2007, p. 157).
Internal auditing provides autonomous assessment of financial management and control systems as well as counselling to the management on how to improve their efficiency. In contrast to internal auditing, controlling is mainly a preventive control based on professional simultaneous (parallel) establishing of facts by persons accountable for the management. The management is usually accountable for setting the internal controls.
For example, an important element of internal audit is monitoring the regularity of the system of financial control of data, the reliability of its operation and the manner of preparing financial reports, especially financial statements. Internal audits of accounting also verify and assess computer programs, especially the functioning of built-in controls as well as the protection against unauthorized interference in computer data.
The leader of the organization should require the assistant headmaster or any other accountable person in the organization to set up an internal control system that provides transparent management of the institute, compliance with legality and regular operation, and that assures effective, efficient and economical management. It is significant that the internal control is implemented by another person who is not in the management, as leaders should not monitor themselves. In computerized accounting, an important part of control is built into the applied computer programs. Additional internal monitoring of management is provided by internal auditing.
Each employee in the organization is accountable for their areas of work in accordance with the definitions in employment agreements or the act on the classification of assignments and duties and in compliance with these rules. The financial control system also monitors the accountability of persons responsible for assets, the protection of assets from theft, loss and inefficient use, and the accountability for liabilities, cost and revenue.
In the context of accounting, internal monitoring is provided for in compliance with the internal rules and built-in internal accounting controls. The objective of accounting control is to obtain reliable statements of account and budgets, which are parts of the financial plan and the annual report (Horvat, 2007, p. 158).
With the introduction of the internal control of fraud risks, we establish a control environment. The control environment includes integrity, ethical values, philosophy and management style, the way of determining powers and responsibilities, and the organizing and developing of the skills of employees (Cukon Mavec, 2006, pp. 5-6).
Possible organizational internal controls are the following:
- responsibilities of employees must be recorded in the internal acts,
- clearly written and granted powers and responsibilities of employees,
- physical protection,
- IT control,
- independent monitoring,
- reporting of deviations of planned and realized,
- cross-checks, etc.
Conclusion
To reduce fraud in the organization, an active role of the internal auditor is recommended in supporting management in identifying and assessing the risks of fraud.
The internal auditor should check, independently and impartially, whether the internal controls over fraud risk are operating.
The internal control system comprises a system of procedures and methods with the objective to assure compliance with the principles of legality, transparency, efficiency, effectiveness and economy. The financial control of data verifies the regularity of accounting data and the correction of found irregularities as well as the inventory of assets and liabilities. This means monitoring of bookkeeping documents, keeping subsidiary book of account, analytical records and general ledgers as well as the transmission of accounting data to outside users.
References
1. Cukon-Mavec, N.: Priprava samoocenitve pri neposrednih in posrednih proračunskih uporabnikih. Zbornik referatov 8. izobraževalni seminar o javnih financah in državnem revidiranju, 2006, p. 147-160. Zveza ekonomistov Slovenije, Portorož, 2006.
2. Enterprise Risk Management - Integrated Framework, 2004, p. 49
3. Horvat, T.: Leader accountability for school financial management. Professional challenges for school effectiveness and improvement in the era of accountability : proceedings of the 20th Annual World ICSEI Congress. Ljubljana: National School for Leadership in Education; Koper: Faculty of Management, 2007, p. 153-168.
4. Horvat, T.: Transferring internal control knowledge from legislation to school management: the case of Slovenia. Knowledge as business opportunity : proceedings of the Management, Knowledge and Learning International Conference 2011, 22-24 June 2011, Celje, Slovenia. Celje: International School for Social and Business Studies, 2011, p. 435-444.
5. Kopp, L. and Gonzales, G.: The Use of Personality Traits to Predict Propensity to Commit Fraud. University of Lethbridge – University of Primorska, 2016.
6. Sawyer B. L., Dittenhofer A. M., Scheiner H. J.: Sawyers Internal Auditing: The Practice of Modern Internal Auditing. Altamonte Spring: Institute of Internal Auditing, 2003.
7. Slovenian Institute of Auditors: Standards for the Professional Practice of Internal Auditing - Procedures manuals, Slovenian Audit Institute, Ljubljana, 2003, p. 36-42.
8. Standards for the Professional Practice of Internal Auditing - Standard 1210.A2
9. Wolfe, D. T., and Hermanson, D. R. 2004. "The Fraud Diamond: Considering the Four Elements of Fraud." The CPA Journal, Dec 2004: p. 38-42.
10. COSO: Enterprise Risk Management – Integrated Framework. September 2004, www.coso.org.